General

  • Target

    impormasyon #PK03016350.doc

  • Size

    225KB

  • Sample

    230315-vhfggsge8w

  • MD5

    3845abf7b760cfad84c6ff2b171baf11

  • SHA1

    f8abcf035042ac2fa8e9c8f371b194b187592c08

  • SHA256

    9aabec7933de24943ec1ceb8ad895cecabc33d39bb3aff928987ffc948402610

  • SHA512

    b69c53b6ded187b25ea27054acab625eb10adc6e6d602662084b00b68a5d6144ab3c8d8981c8a6729f4f87bf19b8c4dcdfd809721af6ac2d3f7555ea8cd3a814

  • SSDEEP

    3072:f4PrXcuQuvpzm4bkiaMQgAlSUlK4fbSpAA:QDRv1m4bnQgISSKQepAA

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks